Login
The Login API is the API used for each of the use cases mentioned above under Login Protection.
Login Identity Protection Integration
Step 1: Front End Integration
In your dedicated Forter portal, you will receive a JavaScript snippet for both sandbox and production. For native mobile apps, you will receive links to download Forter's native SDKs. Paste the JS snippet on the appropriate pages of your website, or call the mobile SDK methods on the relevant mobile app screens, so that it can load and asynchronously collect important behavioral data from your customer. The script, or the mobileUID generated by the mobile SDK, will also generate a unique token for each user on your site, which should be included in the Account Login API request body.
Step 2: Account Login API
Login Protection API Request
Forter can provide a decision to approve a frictionless login, or suggest Multi-Factor Authentication if suspicious activity is detected.
Because of load considerations (bots), Forter typically asks to receive ONLY successfully authenticated traffic (the password was correct) via the Account Login API. For full details, please see the Customer Account Login API Reference section.
Primary Data Points are:
- Account ID: The customer's account UID on the merchant's site. It should not be the user's email. If no account ID is available, send NO_ACCOUNT_ID.
- User Input: Input details submitted by the user. Required in case Forter does not have a full list of merchant account details (typically email).
- ConnectionInformation: Cyber intelligence data used to analyze browsing behavior, device and connection quality, such as IP address, user agent and data collected via the JS / mobile SDK.
- LoginMethodType (e.g. Password vs SMS) and status (indication of success), or AUTH_TOKEN_REFRESH in the case of refreshing an idle user session.
- Details of AdvancedAuthenticationMethod, if one was used by the merchant (e.g. MFA was already applied).
{
  "accountId": "e520-ba9a-367-60b",
  "eventTime": 1415287568000,
  "connectionInformation": {
    "customerIP": "10.0.0.127",
    "userAgent": "Mozilla/5.0 (Windows NT 6.1; WOW64)",
    "forterTokenCookie": "2315688945984"
  },
  "loginMethodType": "PASSWORD",
  "loginStatus": "SUCCESS",
  "channelType": "WEB",
  "userInput": {
    "inputType": "EMAIL",
    "email": "[email protected]"
  }
}
Account Login API Response
The Account Login API response includes the Forter decision and potential recommendations, as well as a correlation ID that should be stored and used when the merchant provides additional updates (e.g. result of MFA if additional verification was recommended).
Key Fields:
forterDecision: The latest Forter decision regarding the attempted action. This field holds one of the following values:
- "APPROVE" for approved signup requests, where the user should be allowed to register for a new account;
- "DECLINE" for declined signup requests, where the user should be declined from registering for a new account;
- "VERIFICATION_REQUIRED" for signup requests where an additional verification should be triggered for the user (via email, SMS, etc.);
- "NOT_REVIEWED".
recommendation: A specific recommendation for an action that might help the customer to complete their transaction/action (e.g. verify phone via SMS, verify via push notification, verify email, perform a 3DS check, etc.)
correlationId: A Forter unique identifier that should be sent to Forter as part of the AdvancedAuthenticationMethod object to correlate the MFA recommendation given in this response with the relevant additional authentication attempt result.
{
  "forterDecision": "APPROVE",
  "decisionReason": "",
  "accountId": "e520-ba9a-367-60b",
  "correlationId": "HGJ7512345H3DE",
  "recommendation": ""
}
{
  "forterDecision": "VERIFICATION_REQUIRED",
  "decisionReason": "",
  "accountId": "e520-ba9a-367-60b",
  "correlationId": "HGJ7512345H3DE",
  "recommendation": "EMAIL_VERIFICATION",
  "verificationMethod": {
    "verificationId": "88yr28r890u",
    "correlationId": "e520-ba9a-367-60b",
    "type": "OTP_EMAIL"
  }
}
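The request and response handling described above, as an added server-side example (not Forter's code or part of the original page): it builds the request body only for a login whose password check succeeded, then maps forterDecision to what the login handler should do and what to persist for a later MFA update. The function names, the action names, the `fallback` policy for NOT_REVIEWED or unrecognised decisions, and the reading of eventTime as epoch milliseconds are assumptions of this example; the HTTP call is omitted because the page does not give the endpoint.

```python
import time

# Decision values listed on this page; the action names are this example's own.
DECISION_ACTIONS = {
    "APPROVE": "allow",
    "DECLINE": "deny",
    "VERIFICATION_REQUIRED": "step_up",
}


def build_login_event(account_id, email, customer_ip, user_agent, forter_token,
                      event_time_ms=None):
    """Build the Account Login request body after a successful password check."""
    if not account_id:
        account_id = "NO_ACCOUNT_ID"  # value the page gives for a missing ID
    elif account_id.strip().lower() == email.strip().lower():
        # The page says accountId should not be the user's email.
        raise ValueError("accountId must not be the user's email")
    if event_time_ms is None:
        event_time_ms = int(time.time() * 1000)  # assumed: epoch milliseconds
    return {
        "accountId": account_id,
        "eventTime": event_time_ms,
        "connectionInformation": {
            "customerIP": customer_ip,
            "userAgent": user_agent,
            "forterTokenCookie": forter_token,  # token from the JS snippet
        },
        "loginMethodType": "PASSWORD",
        "loginStatus": "SUCCESS",
        "channelType": "WEB",
        "userInput": {"inputType": "EMAIL", "email": email},
    }


def plan_login_action(response, fallback="step_up"):
    """Map a decision response to allow / step_up / deny plus data to store."""
    decision = response.get("forterDecision")
    # NOT_REVIEWED, a missing field or an unknown value never approves silently.
    action = DECISION_ACTIONS.get(decision, fallback)
    plan = {"action": action, "correlationId": response.get("correlationId")}
    if action == "step_up":
        # Kept so the MFA result can be reported with the same correlationId.
        plan["recommendation"] = response.get("recommendation") or None
        method = response.get("verificationMethod") or {}
        plan["verificationType"] = method.get("type")
    return plan
```

Store the returned correlationId with the pending session so the result of the additional verification can be sent back in the AdvancedAuthenticationMethod object.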